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1 1 . (Amended) A security system for a computer apparatus, wherein said 

2 computer apparatus includes a processor and system memory, said security system 

3 comprising: 

4 at least one security module which under direction from the processor accesses 

5 and analyzes selected portions of the computer apparatus to identify vulnerabilities; 

6 at least one utility module which under the direction from the processor, performs 

7 various utility functions with regards to the computer apparatus in response to the 

8 identified vulnerabilities, the utility functions including generating a configuration 

9 baseline and a file system database for use in performing other utility functions; and 

10 a security system memory which contains security information for performing the 

1 1 analysis of the computer apparatus. 

1 2. (Unchanged) The security system of claim 1 further including at least one 

2 graphical user interface in connection with the computer apparatus through which a 

3 system user may direct operations of the security system. 

1 3. (Unchanged) The security system of claim 2 further including a reporting 

2 module which provides status information to the GUI with regards to operations of the 

3 security system. 

1 4. (Unchanged) The security system of claim 1 wherein the security modules 

2 include at least one of: 

3 a configuration/system module which performs an initial analysis of the computer 

4 system acquire configuration information; 

5 a directory checking module which analyzes directories and files in the system 

6 memory to determine if security critical files have been tampered with; 
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7 a user manager module which analyzes the system memory with regards to 

8 improper of invalid permissions given to users of the system for accessing particular 

9 files; 

10 an integrity checking module which analyzes files in the system memory to 

1 1 identify system vulnerabilities; 

12 a network checking module which analyzes the computer apparatus to identify 

13 vulnerabilities created as a result of the computer apparatus connecting with a data 

14 network; 

15 a password checking module which analyzes passwords for users of the computer 

1 6 apparatus to identify vulnerabilities. 

1 5. (Unchanged) The security system of claim 4 wherein the utilities modules 

2 include at least one of: 

3 said user manager module which includes functionality to perform at least one of: 

4 create a user account, modify the user account, delete the user account, create a user 

5 template, edit the user template, and delete the user template; 

6 a file removal module which deletes selected files from the system memory and 

7 removes links to the deleted file; 

8 a file marking module which marks selected files; and 

9 a scheduling module which may be employed to schedule any and all of the 
10 security modules to perform analysis of the system memory. 

1 6. (Unchanged) The security system of claim 2 wherein the computer 

2 apparatus comprises a Unix server. 

1 7. (Unchanged) The security system of claim 6 wherein the server is 

2 connected to a data network. 
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1 8. (Unchanged) The security system of claim 2 wherein a plurality of 

2 interface screens are presented at the GUI for controlling operations of the security 

3 system. 

1 9. (Unchanged) The security system of claim 4 wherein the system memory 

2 comprises a list of known vulnerabilities which may be employed by the integrity 

3 checking module. 

1 10. (Unchanged) The security system of claim 4 wherein the system memory 

2 comprises dictionaries and other tools employed by the password checking module. 

1 11. (Amended) A method of providing a security assessment for a computer 

2 system which includes a system memory, comprising the steps of: 

3 generating a configuration baseline; 

4 providing a security subsystem in the computer system such that functionality of 

5 the security subsystem is directed through a processor for the computer system, wherein 

6 the security performs steps comprising: 

7 identifying a configuration of system and generating a file system database; 

8 accessing the system memory and performing at least one procedure to provide a 

9 security assessment for at least one aspect of the computer system; 

10 as a result of any vulnerabilities discovered in the assessment, identifying 

1 1 corrective measures to be taken with regards to the computer system; 

12 reporting the discovered vulnerability and the identified corrective measures; and 

13 upon receiving an appropriate command, initiating the corrective measures. 

1 12. (Unchanged) The method of claim 1 1 wherein the step of performing at 

2 least one procedure to provide a security assessment includes at least one of: 
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3 performing an analysis of the directories and files in the system memory to 

4 determine if security critical files have been tampered with; 

5 analyzing the system memory with regards to improper or invalid permission 

6 given to users of the system for accessing particular files; 

7 analyzing the system memory to identify system vulnerabilities; 

8 analyzing the computer apparatus to identify vulnerabilities created as a result of 

9 the computer apparatus connecting to a data network; and 

10 analyzing passwords for users of the computer apparatus to identify 

1 1 vulnerabilities. 

1 13. (Unchanged) The method of claim 12 wherein based on the identified 

2 vulnerabilities at least one of the following steps are performed: 

3 amending, deleting, or creating user accounts; 

4 amending, deleting, or creating user templates; 

5 deleting selected files from the system memory and removing links to said file; 

6 marking of selected files within the system memory. 

1 14. (Unchanged) The method of claim 12 wherein the method of analyzing 

2 directories and files comprises the steps of: 

3 accessing individual files in the system memory; 

4 identifying the type of file contained therein; 

5 making a determination as to whether the permissions for the identified file are 

6 secure; 

7 if the permissions are not secure, providing a report describing the insecurity; 

8 providing corrections for the detected files which are insecure and initializing 

9 corrective action upon receiving direction. 
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1 15. (Unchanged) The method of claim 12 wherein the step of analyzing the 

2 system memory with regards to improper or invalid permissions given to users further 

3 comprises the steps of: 

4 performing a check to see if a user owns his or her home directory; 

5 performing a check to see if the user's group owns the home directory; 

6 performing a check to see if user related files are valid; and 

7 performing a check to see if the user's directory exists. 

1 16. (Unchanged) The method of claim 12 wherein the step of analyzing files 

2 in the system memory to identify system vulnerabilities further comprises the steps of: 

3 providing a vulnerability database which includes a number of identified system 

4 vulnerabilities; 

5 accessing the individual files in the system memory; 

6 determining whether the files' owner matches a predetermined profile; 

7 determining whether the file's group matches a predetermined profile; 

8 determining whether the permissions associated with the file match a 

9 predetermined profile; and 

10 determining whether the files predate a patch; and 

1 1 providing a report on any vulnerabilities which may exist in the system memory. 

1 17. (Unchanged) The method of claim 12 wherein the step of analyzing the 

2 computer apparatus to identify vulnerabilities traded as a result of the computer apparatus 

3 connecting with the data network: further comprises the steps of: 

4 checking for insecure configuration files; 

5 checking running of excessive system services; and 
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6 checking whether the computer system is running in the promiscuous mode. 

1 18. (Unchanged) The method of claim 12 wherein the step of analyzing 

2 passwords further comprises the step of: 

3 identifying all passwords for the users of the computer system; 

4 reading the passwords and for each identifying a next similar salt entry; 

5 identifying a next predetermined number of words from the dictionary; 

6 performing a word filtering method with regards to the passwords to add to the 

7 word list; 

8 determining whether the word is in the list. If the word is in the list removing the 

9 user from the list. If the word is in the list removing the user from the list. 

1 19. (Unchanged) The method of claim 1 1 further comprising the step of 

2 displaying result of the security analysis via a graphical user interface. 

1 20. (Unchanged) The method of claim 1 1 wherein the computer system is 

2 connected to a data network. 
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